>> Live from Boston, Massachusetts, it's The Cube, covering AWS re:Inforce 2019. Brought to you by Amazon web services and its ecosystem partners. >> Hey, welcome back everyone. It's The Cube's live coverage here in Boston, Massachusetts for AWS re:Inforce. This is Amazon web services' inaugural security conference around Cloud security. I'm John Furrier. My host Dave Vellante. We've got special guest, we've got another CSO, Dan Meacham, VP of Security and Operations at Legendary Entertainment. Great to see you. Thanks for coming on The Cube. >> Oh, thank you. It's a very pleasure to be here. >> We had some fun time watching the Red Socks game the other night. It was the best night to watch baseball. They did win. >> Was it ever. >> Always good to go to Fenway Park, but we were talking when we were socializing, watching the Red Socks game at Fenway Park about your experience. You've seen a lot of waves of technology you've been involved in. >> Yes, yes. >> Gettin' dirty with your hands and gettin' coding and then, but now running VP of Security, you've seen a lot of stuff. >> Oh. >> You've seen the good, bad, and the ugly. (laughing) >> Yeah, fun business. >> It is. >> You guys did Hangover, right? >> Yes. >> Dark Knight. >> Yes. >> Some really cool videos. >> Good stuff there, yeah. And it's just amazing cause, you know, how much technology has changed over the years and starting back out in the mid-eighties and early nineties. Sometimes I'm just like, oh, if I could only go back to the IPXSX days and just get rid of botnets and things like that. (laughing) That'd be so much easier. Right? >> The big conversation we're having here, obviously, is Amazon's Security Conference. What's your take on it? Again, security's not new, but their trying to bring this vibe of shared responsibility. Makes sense because they've got half of the security equation, but you're seeing a lot of people really focusing on security. What's your take of, so far, as an attendee? >> Well, as we look and, cause I like to go to these different things. One, first to thank everybody for coming because it's a huge investment of time and money to be at these different shows, but I go to every single booth to kind of take a look to see where they are cause sometimes when we look at some of the different technology, they may have this idea of what they want the company to be and they're maybe only a couple years old, but we may see it as a totally different application and like to take those ideas and innovate them and steer them in another direction that kind of best suits our needs. But a lot of times you see a lot of replay of the same things over and over again. A lot of folks just kind of miss some of the general ideas. And, um, this particular floor that we have, there's some interesting components that are out there. There's a lot of folks that are all about configuration management and auto correction of misconfigured environments and things like that. Which is good, but I think when we look at the shared responsibility model and so forth, there's some components that a lot of folks don't really understand they really have to embrace in their environment. They think, oh it's just a configuration management, it's just a particular checklist or some other things that may fix something, but we really got to talk about the roots of some of the other things because if it's not in your data center and it's out somewhere else, doesn't mean you transfer the liability. You still have the ownership, there's still some practice you got to focus on. >> Take us through the Cloud journey with Legendary. You put some exchange service out there. Continue. >> Yes, and so as we started bringing these other different SaaS models because we didn't want to have the risk of if something went down we lost everything, but as we did that and started embracing Shadow IT, because if this worked for this particular department, we realized that there wasn't necessarily a applicable way to manage all of those environments simultaneous. What we mean after the standpoint, like we mentioned before, the MFA for each of these different components of the Cloud applications. So that naturally led us into something like single sign-on that we can work with that. But as we started looking at the single sign-on and the device management, it wasn't so much that I can't trust you devices, it's how do I trust your device? And so that's when we created this idea of a user-centric security architecture. So it's not necessarily a zero trust, it's more of a, how can I build a trust around you? So, if your phone trusts you based off of iometrics, let me create a whole world around that, that trust circle and build some pieces there. >> Okay, so, let me just interrupt and make sure we understand this. So, you decided to go Cloud-First. You had some stuff in colo and then said, okay, we need to really rethink how we secure our operations, right? So, you came up with kind of a new approach. >> Correct. >> Cloud approach. >> Absolutely. And it's Cloud and so by doing that then, trying to focus in on how we can build that trust, but also better manage the applications because, say for example, if I have a collaboration tool where all my files are, I may want to have some sort of protection on data loss prevention. Well, that Cloud application may have its own piece that I can orchestrate with, but then so does this one that's over here and this one over here and so now I've got to manage multiple policies in multiple locations, so as we were going down that piece, we had to say, how do we lasso the security around all these applications? And so, in that particular piece, we went ahead and we look forward at where is the technology is, so early on, all we had were very advanced sims where if I get reporting on user activity or anomalies, then I had limited actions and activities, which is fine, but then the CASB world ended up changing. Before, they were talking about Shallow IT, now they actually do policy enforcement, so then that allowed us to then create a lasso around our Cloud applications and say, I want to have a data loss prevention policy that says if you download 5,000 files within one minute, take this action. So, before, in our sim, we would get alert and there were some things we could do and some things we couldn't, but now in the CASB I can now take that as a piece. >> So more refined >> Exactly. >> in policy. Now, did you guys write that code? Did you build it out? Did you use Cloud? >> We work with a partner on help developing all this. >> So, when you think about where the CASBs were five years ago or so, it was all about, can we find Shadow IT? Can we find where social security numbers are? Not necessarily can I manage the environment. So, if you were take a step back to back in the old days when you had disparate in network architecture equipment, right? And you wanted to manage all your switches and firewalls, you had to do console on each and every one. Over time as it progressed, we now had players out there that can give you a single console that can get in and manage the entire network infrastructure, even if it's disparate systems. This is kind of what we're seeing right now within the Cloud, where on the cusp of it, some of then are doing really good and some of them still have a lot of things to catch up to do, but we're totally stoked about how this is working in this particular space. >> So, talk about, like, um, where you are now and the landscape that you see in front of you. Obviously, you have services. I know you. We met through McAfee, you have other, some fenders. You have a lot of people knocking on your doors, telling you stuff. You want to be efficient with your team. >> Yes. >> You want to leverage the Cloud. >> Yes. >> As you look at the landscape and a future scape as well, what're you thinking about? What's on your mind? What's your priorities? How're you going to navigate that? What're some of the things that's driving you? >> (sighing) It's a cornucopia of stuff that's out there. (laughing) Depending on how you want to look at it. And you can specialize in any particular division, but the biggest things that we really want to focus on is we have to protect out data, we have to protect our devices, and we have to protect our users. And so that's kind of that mindset that we're really focused on on how we integrate. The biggest challenges that we have right now is not so much the capability of the technology, because that is continually to evolve and it's going to keep changing. The different challenges that we have when we look in some of these different spaces is the accountability and the incorporation and cooperation because a incident's going to happen. How are you going to engage in that particular incident and how are you going to take action? Just because we put something in the Cloud doesn't mean it was a set and forget kind of thing. Because if it was in my data center, then I know I have to put perimeter around it, I know I got to do back-ups, I know I got to do patch management, but if I put it in the Cloud, I don't have to worry about it. That is not the case. So, what we're finding a lot is, some of these different vendors are trying to couch that as, hey we'll take care of that for you, but in fact, reality is is you got to stay on top of it. >> Yeah. And then you got to make sure all the same security practices are in there. So, the question I have for you is: what's the security view of the Cloud versus on premise (muttering) the data's in the perimeter, okay that's kind of an older concept, but as your thinking about security in Cloud, Cloud security versus on premise, what's the difference? What's the distinction? What's the nuances? >> Well, if we go old-school versus new-school, old-school would say, I can protect every thing that's on prem. That's not necessarily the case that we see today because you have all this smart technology that's actually coming in and is eliminating your perimeter. I mean, back in the day you could say, hey, look, we're not going to allow any connections, inbound or outbound, to only outside the United States cause we're just a U.S.-based company. Well, that's a great focus, but now when you have mobile devices and smart technology, that's not what's happening. So, in my view, there's a lot of different things that you may actually be more secure in the Cloud than you are with things that are on prem based off of the architectural design and the different components that you can put in there. So, if you think about it, if I were to get a CryptoLocker in house, my recovery time objective, recovery point objective is really what was my last back-up. Where if I look at it in the Cloud perspective, it's where was my last snapshot? (stuttering) I may have some compliance competes on there that records the revision of a file up to 40 times or 120 times, so if I hit that CryptoLocker, I have a really high probability of being able to roll back in the Cloud faster than I could if I lost something that was in prem. So, idly, there's a lot more advantages in going with the Cloud than on prem, but again, we are a Cloud-First company. >> Is bad user behavior still your biggest challenge? >> Is it ever! I get just some crazy, stupid things that just happen. >> The Cloud doesn't change that, right? >> No! (laughing) No, you can't change that with technology, but a lot of it has to be with education and awareness. And so we do have a lot of very restrictive policies in our workforce today, but we talk to our users about this, so they understand. And so when we have things that are being blocked for a particular reason, the users know to call us to understand what had happened and in many cases it's, you know, they clicked on a link and it was trying to do a binary that found inside of a picture file of all things on a web browser. Or they decided that they wanted to have the latest Shareware file to move mass files and then only find out that they downloaded it from an inappropriate site that had binaries in it that were bad and you coach them to say, no this is a trusted source, this is the repository where we want you to get these files. But my favorite though is, again, being Cloud-First, there's no reason to VPN into our offices for anything because everything is out there and how we coordinate, right? But we do have VPN set up for when we travel to different countries with regards to, as a media company, you have to stream a lot of different things and, so, if we're trying to pitch different pieces that we may have on another streaming video-on-demand service, some of those services and some of those programmings may not be accessible into other countries or regions of the world. So, doing that allows us to share that. So, then, a lot of times, what we find is we have offices and users that're in different parts of the world that will download a free VPN. (laughing) Because they want to to be able to get to certain types of content. >> Sounds good. >> And then when you're looking at that VPN and that connection, you're realizing that that VPN that they got for free is actually be routed through a country that is not necessarily friendly to the way we do business. They're like, okay, so you're pushing all of our data through that, but we have to work through that, there's still coaching. But fortunately enough, by being Cloud-First, and being how things are architected, we see all that activity, where if was all in prem, we wouldn't necessarily know that that's what they were doing, but because of how the user-centric piece is set-up, we have full visibility and we can do some coaching. >> And that's the biggest issue you've got. Bigtime, yes? Visibility. >> What's a good day for a security practitioner? >> (laughing) A good day for a security practitioner. Well, you know, it's still having people grumpy at you because if they're grumpy at you, then you know you're doing you job, right? Because if everybody loves the security guy, then somebody's slipping something somewhere and it's like, hey, wait a minute, are you really supposed to be doing that? No, not necessarily. A good day is when your users come forward and say, hey, this invoice came in and we know that this isn't out invoice, we want to make sure we have it flagged. And then we can collaborate and work with other studios and say, hey, we're seeing this type of vector of attack. So, a good day is really having our users really be a champion of the security and then sharing that security in a community perspective with the other users inside and also communicating back with IT. So, that's the kind of culture we want to have within out organization. Because we're not necessarily trying to be big brother, we want to make it be able to run fast because if it's not easy to do business with us, then you're not going to do business with us. >> And you guys have a lot of suppliers here at the re:Inforce conference. Obviously, Amazon, Cloud. What other companies you working with? That're here. >> That're here today? Well, CrowdStrike is a excellent partner and a lot of things. We'll have to talk on that a little bit. McAfee, with their MVISION, which was originally sky-high, has just been phenomenal in our security architecture as we've gone through some of the other pieces. We do have Alert Logic and also Splunk. They're here as well, so some great folks. >> McAfee, that was the sky-high acquisition. >> That is correct and now it's MVISION. >> And that's the Cloud group within McAfee. What do they do that you like? >> They brought forth the Cloud access security broker, the CASB product, and one of the things that has just been fascinating and phenomenal in working with them is when we were in evaluation mode a couple of years ago and were using the product, we're like, hey, this is good, but we'd really like to use it in this capacity. Or we want to have these artifacts of this intelligence come out of the analytics and, I kid you not, two weeks later the developers would put it out there in the next update and release. And it was like for a couple of months. And we're like, they're letting us use this product for a set period of time, they're listening to what we're asking for, we haven't even bought it, but they're very forward-thinking, very aggressive and addressing the specific needs from the practitioner's view that they integrated into the product. It was no-brainer to move forward with them. And they continue to still do that with us today. >> So that's a good experience. I always like to ask practitioners, what're some things that vendors are doing that either drive your crazy or they shouldn't be doing? Talk to them and say, hey, don't do this or do this better. >> Well, when you look at your stop-doing and your start doing list and how do you work through that? What really needs to be happening is you need your vendor and your account manager to come out on-site once a quarter to visit with you, right? You're paying for a support on an annual basis, or however it is, but if I have this Cloud application and that application gets breached in some way, how do I escalate that? I know who my account manager is and I know the support line but there needs to be an understanding and an integration into my incidents response plan as when I pick up the phone, what' the number I dial? And then how do we engage quickly? Because now where we are today, if I were to have breach, a compromised system administrator account, even just for 20 minutes, you can lose a lot of data in 20 minutes. And you think about reputation, you think about privacy, you think about databases, credit cards, financials. It can be catastrophic in 20 minutes today with the high-speed rates we can move data. So, my challenge back to the vendors is once a quarter, come out and visit me, make sure that I have that one sheet about what that incident response integration is. Also, take a look at how you've implemented Am I still on track with the artchitecture? Am I using the product I bought from you effectively and efficiently? Or is there something new that I need to be more aware of? Because a lot of times what we see is somebody bought something, but they never leveraged the training, never leveraged the support. And they're only using 10% of the capability of the product and then they just get frustrated and then they spend money and go to the next product down the road, which is good for the honeymoon period, but then you run into the same process again. So, a lot of it really comes back to vendor management more so than it is about the technology and the relationship. >> My final question is: what tech are you excited about these days? Just in general in the industry. Obviously security, you've got the Cloud, you're Cloud-First, so you're on the cutting edge, you've got some good stuff going on. You've got a historical view. What's exciting you these days from a tech perspective? >> Well, over the last couple of years, there's been two different technologies that have really started to explode that I really am excited about. One was leveraging smart cameras and facial recognition and integrating physical stock with cyber security stock. So, if you think about from another perspective, Cameras, surveillance today is, you know, we rewind to see something happen, maybe I can mark something. So, if somebody jumped over a fence, I can see cause it crossed the line. Now the smart cameras over the last three or four or five years have been like, if I lost a child in a museum, I could click on child, it tells me where it is. Great. Take that great in piece and put it in with your cyber, so now if you show up on my set or you're at one of our studios, I want the camera to be able to look at your face, scrub social media and see if we can get a facial recognition to know who you are and then from that particular piece, say okay, has he been talking trash about our movies? Is he stalking one of our talent? From those different perspectives. And then, moreover, looking at the facial expression itself. Are you starstruck? Are you angry? Are you mad? So, then that way, I know instantly in a certain period of time what the risk is and so I can dispatch appropriately to have security there or just know that this person's just been wandering around because they're a fan and they want to know something. So, maybe one of those things where we can bring them a t-shirt and they'll move on onto their way and they're happy. Versus somebody that's going to show up with a weapon and we have some sort of catastrophic event. Now, the second technology that I'm really pretty excited about. Is when we can also talk a little about with the Five G technology. So, when everybody talk about FIJI, you're like, oh, hey, this is great. This is going to be faster, so why are we all stoked about things being super, super fast on cellular? That's the technical part. You got to look at the application or the faculty of things being faster. To put it into perspective, if you think about a few years ago when the first Apple TV came out, everybody was all excited that I could copy my movies on there and then watch it on my TV. Well, when internet and things got faster, that form factor went down to where it was just constantly streaming from iTunes. Same thing with the Google Chrome Cast or the Amazon Fire Stick. There's not a lot of meat to that, but it's a lot of streaming on how it works. And so when you think about the capability from that perspective, you're going to see technology change drastically. So, you're smartphone that holds a lot of data is actually probably going to be a lot smaller because it doesn't have to have all that weight to have all that stuff local because it's going to be real-time connection, but the fascinating thing about that, though, is with all that great opportunity also comes great risk. So, think about it, if we were to have a sphere and if we had a sphere and you had the diameter of that sphere was basically technology capability. As that diameter grows, the volume of the technology that leverages that grows, so all the new things that come in, he's building. But as that sphere continue to grow, what happens is the surface is your threat. Is your threat vector. As it continue to grow, that's going to continue to grow. (stuttering) There's a little but of exponential components, but there's also a lot of mathematical things on how those things relate and so with Five G, as we get these great technologies inside of our sphere, that threat scape on the outside is also going to grow. >> Moore's law in reverse, basically. >> Yeah. >> Surface area is just balloon to be huge. That just kills the perimeter argument right there. >> It does. >> Wow. And then we heard from Steve and Schmidt on the keynote. They said 90% of IOT data, thinking about cameras, is HTTP, plain text. >> Exactly. And it's like, what're you-- >> Oh, more good news! >> Yeah. (laughing) >> At least you'll always have a job. >> Well, you know, someday-- >> It's a good day in security. Encrypt everywhere, we don't have time to get into the encrypt everywhere, but quick comment on this notion of encrypting everything, what's your thoughts? Real quick. (sighing) >> All right, so. >> Good, bad, ugly? Good idea? Hard? >> Well, if we encrypt everything, then what does it really mean? What're we getting out? So, you remember when everybody was having email and you had, back in the day, you had your door mail, netscape navigator and so forth, and thought, oh, we need to have secure email. So then they created all these encryption things in the email, so then what happens? That's built into the applications, so the email's no longer really encrypted. >> Yeah. >> Right? So I think we're going to see some things like that happening as well. Encryption is great, but then it also impedes progress when it comes to forensics, so it's only good until you need it. >> Awesome. >> Dan, thanks so much here on the insights. Great to have you on The Cube, great to get your insights and commentary. >> Well, thank you guys, I really appreciate it. >> You're welcome. >> All right, let's expecting to steal is from noise, talking to practitioner CSOs here at re:Inforce. Great crowd, great attendee list. All investing in the new Cloud security paradigm, Cloud-First security's Cube's coverage. I'm John Furrier, Dave Vellante. Stay tuned for more after this short break. (upbeat music)

>> Narrator: Live from Las Vegas, it's, theCube. Covering NAB 2017, brought to you by HGST. (upbeat techno music) >> Hey, welcome back everybody. Jeff Frick hear with, theCube. We're at NAB 2017 in Las Vegas, California. 100,000 people all talking about broadcast industry, media industry, and tech. Met is the theme because the technology is completely interwoven in with media and entertainment. And we're excited to have a great representative from the Hollywood Section Manager, Society Motion Picture and Television Engineers. That's a mouth full, Steve Wong. Steve, welcome. >> Welcome, or SMPTE, that's the easiest. >> SMPTE, I'll go with SMPTE, he's from SMPTE. Alright so you had an interesting talk earlier about blockchain. It's interesting, we've been here for three days and a lot of conversations of kind of, similarities with trends we're seeing at other shows that we cover with democratization of data, and access to the data, and abilities of cloud, and integrated security. But we haven't really talked about blockchain. But I think that's kind of funny, that now we're hearing the blockchain conversation come in too as we hear in many places. Where does blockchain fit? >> You know it's really interesting, because originally I had heard of a blockchain for folks in the financial industry. And that's where the real big push is. And a lot of VC's were talking about blockchain. So I started to look at blockchain and median entertainment, and I said, "You know could this fit? "You know what would be an interesting fit for this?" And when you look at making a movie or a television program, it's just a lot of transactions. And that's where blockchain is absolutely perfect. >> Right. >> You know blockchain is basically a general ledger entry. So when you think of you know, why is that important? You know, I looked back to the origination of content, you know, for moving images, and that's a feature film script or a television script. >> Jeff: Right, right. >> So imagine when you write that, the first thing you do is you go and you register it with the copyright office. So my thought is, that's your first chain in that link of ownership. And so the next thing you do, is you want to option that script off. So you're going to send out a document, your PDF to your agent, and he's going to send it out to a bunch of other agents. And then you'll have a track record of that next transaction, whoever received that. >> Jeff: Right, right. >> So as you go down through that production, you know I envision being able to tie it back to that original ownership for that script. Whoever options his script to go out into the production. To actually take that all the way down to the storage, to the camera, and be able to pull even all of that meta-data together. Link it to the ownership into that chain, all the way to the distribution to the actual viewer at the end of it. >> So, the greatest descriptive term I've heard of blockchain is trust as a service. >> Steve: Right. >> Which is really an interesting way to coin it. And what's interesting about this industry, is the transient nature of the way, you know, kind of groups of people and resources are assembled around a particular project, this script in which you described. They create this asset, and then they go, you know, poof, they go back from whence they came. >> That's the challenge, right? >> So it really begs, it begs for better trust solutions. >> So imagine you get a deal with a show, and they say, "You know what? "We're going to pay you rate, "but we're going to give you percentage of the back end." And you say, "Fantastic." And then you go on to your next project. How do you find that out? >> Jeff: Right, right. >> Right now it's really difficult to track that all the way back, residuals or whatever. This will be an easy way to basically see who's seen it, who gets paid, what you're owed, and everything else. >> Right. Now it's pretty crazy now you said before we turned on the cameras, that it's all very, very still old-school paper based at this point and time. >> That's the crazy thing about, you know, you look at other industries, you know, and I touch a lot of industries. And you think, wow, you know, we've got basic things. Such as when I start with an employer, I can go online and download all of my stuff, and I never touch paper. But even today in the television industry and the motion picture, you know, for 99% of it, it's all paper. So basically all my stuff I have to physically give them, and fill out, you know, documents at the end of the day. You know, a PA checks me in when I show up. A PA signs when I send out, on a piece of paper, they send it in a football back to the financial office at the show. And they do all these things manually. You know, it's coming to where they're doing digital onboarding. >> Right. >> But all this stuff is still paper. Because really it's like we've been making movies for the last hundred years. >> Right, and yet we're surrounded at this conference with hundreds of thousands of square feet of new technology, and new innovation, and computer based stuff, and IP based stuff, and crazy cameras, and 360 cameras, and 4K, and 8K, and HDTV. So clearly there's no holding back the technology edge. That there's three leverages, but then you got to check-in with the PA right? >> If you make billions of dollars the same way that you did a hundred years ago You know, who's going to be the guy that going to change that? Or a girl, right? That's the challenge, if it's, you know, not broke, don't fix it. >> That's why I love Clayton Christensen's book. It's still my all-time favorite book. Right, it hard to change when you've been making money, that same old way. So what are some of your other impressions of the show? You've been coming here for a number of years. The vibe's different I keep hearing. It's our first time, but I'm curious to get your kind of general impression. >> You know the interesting thing is, you know, again following the trends in other industries, you know, to move to a true digital IP workflow. So I'm seeing that really starting to materialize around here. You know, I think that the challenge is... You know, when I started off a hundred years ago on television I was a, you know, de facto MIS manager and director of research at ABC. And back in those days, in the 90s, you know, I connected our sales team to the internet. And then you could actually send emails to the buyers, and that was like a big, big jump. >> That was a bad day though, in hindsight. >> Yeah, so um. >> (laughing) Too much email ack. >> So you see folks that, you know, understand video and BNC cables, and things like that. >> Right, right. You have another group that understand ethernet, you know, NIP. And they have always been in two different worlds. You know, at every TV station, you have your IT guy that would never touch the broadcast equipment, he was forbidden there. >> Jeff: Right, right. >> You know, a long time ago. But now you see that merger. You know, where you really have, you know, a manager or VP that understands video and understands IP, and says, "You know there's a better way to do that." And it's secure now a days, and you know, if you take the right precautions. So that's the trend that I've seen change around here. Because the cameras are all digital, right? >> Right, right. >> Everything is digital along that path, why would you have to go back to video? >> Jeff: Right. >> You know, we have things like Periscope. We can do live video to millions of people. >> Jeff: Right. >> So the technology's clearly here. >> It's just so amazing, you know again, the themes are consistent wherever we go. This just democratization of access, and ability. That I can go sit in the front row of a Dodger, Giant's game, and you know, hold up my Periscope and pretend that I'm Vin Scully, you know, for a minute. Which clearly I'm not. And people probably are not going to watch me like they love Vin Scully. But it's so interesting that at the low-end, you know, there's so many tools available for people, for creators, that they just have access that they didn't have before. At the high-end, I mean, the amount of stuff in this conference room. Again with the 360, and VR, and the IR, and the 4K, and the 8K. You know, it's fascinating. But I sometimes wonder is it too much? Are we still managing, you know, the story telling? And is it-- >> And that's what it comes down to. You have to tell a story, that's the most important thing. >> It's so competitive for the audience, right? Because the alternate is just a quick swipe away, you know. So it seems like the pressure to perform, and to get your ROI's, especially on these bigger projects, has got to be higher than it's ever been. >> Alright, this is an interesting thing, because what we've seen in Hollywood is an increase in production. You know, it used to be you'd wait, you know, for a TV season, and they'd pitch the shows to the advertising agencies in New York. But now with the increase of Netflix and Amazon, there's always a season. >> Jeff: Right, right. 'Cause they're always buying things. You know, whatever YouTube channels. You see YouTube stars that are making money, and that's a valuable audience now. Where people are saying, "I'll just watch YouTube tonight "and see what's going on there, "from the people I like to follow." >> Jeff: Right. >> So that drives production, you know, goals and costs down because you can't do a hundred million dollar YouTube production, or you can I guess, right? But you probably won't make any money with it. >> (laughing) I'm sure they are. But the other thing is just strikes me, just is the compression around, for feature movies, around the opening weekend. 'Cause there's only 52 weekends a year. >> Steve: Right. >> And, you know, some of those are probably not so great from a marketing point of view. And this just compression to make that number. Because the next weekend, or two weekends from now it's another movie, or it's another movie, or it's another movie. And so it's seems just crazy. On the other hand, the long-tail opportunities with VOD, and multi-forms of distribution, multi-language, multi-format, multi-channel are bigger than they've ever been before. So it's this interesting dichotomy in terms of the way the market's evolving. >> The interesting thing, because of that pressure, we see huge growth in analytics. You know, there was a great article from, About Netflix, talking about the genres. You know, in Hollywood we've got like 13 genres or something like that. But Netflix has like 73 genres. >> Jeff: Right. >> So they've broken down their audience 'cause they have the device. You know, they know exactly what they're watching. So they use those analytics to their benefits when they buy. You know, the studios are at a disadvantage, unless they have the same things. >> Right. >> So you see guys like Legendary investing in analytics teams and, you know, all these other folks out there that are investing in these analytics teams to make that, you know, smarter investment for those movies. >> Right, it is interesting is, again, as it gets consistent, right? Is that now, if you can track to the consumption of the material, you're not just shipping the product anymore. And it's going to a theater, and hopefully people are watching it or not watching it. But now if they're watching it on their phone, you know, where they're watching, who's watching it, you know what time, how often, how deep they go-- >> Well now that's the key. >> Jeff: It's pretty interesting. >> If you have that application, and you have the ability, you know, like Netflix does that's awesome. >> Jeff: Right, right. >> But remember most of the studios and networks, they're creating it and licensing it off. So they may not get that information. But that's where you see the other trend, where folks like HBO, they create the content, but they also want to have that application device so they can get that information. So I think that's another trend you'll start seeing. >> So will the ones that are still independent that don't have the channel, you know, start to get back as part of their channel deal, some of that data? >> It's challenging, right? Because cable companies typically don't want to release that data. You know, a secondary OTT app may not want to release that data. So it really forces a creator to own that distribution chain, so they can get that valuable data, so. >> Interesting time. Somebody said earlier, I think in the week, that Netflix, I think, is now the largest producer. I don't know what genre of category, but they're like one of the largest studios now of all. Which is pretty fascinating, when they were simply, you know, DVD rental service not that long ago for people that remember what a DVD was. >> Steve: Right. Having difficulty getting contracts with studios. >> Jeff: Right, exactly. >> But-- >> So make your own I guess, that's the ticket. >> Steve: There you go. >> Alright, Steve, so I'll give you the last word. As you look forward to 2017, if we meet again here next year-- >> Steve: Yes. >> What do you think the topics going to be? >> Again, I think what you're going to see is more folks moving to a public cloud, trusting that, and really working with it, using analytics. And the most important thing, that we touched on, is managing that security. Making sure they don't get hacked, so. >> Alright, Steve. Well, Steve from SMPTE. That was the shorter way. >> There you go. >> Steve Wong, I'm Jeff Frick. Thanks for stopping by. >> Steve: Thanks so much. >> Alright, you're watching, theCube, from NAB 2017. We'll be right back after this short break. (upbeat techno music)